pywebexec 1.7.2__py3-none-any.whl → 1.7.3__py3-none-any.whl

pywebexec/pywebexec.py

@@ -36,7 +36,7 @@ app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'  # Add SameSite attribute to sessi
 auth = HTTPBasicAuth()
 
 app.config['LDAP_SERVER'] = os.environ.get('PYWEBEXEC_LDAP_SERVER')
-app.config['LDAP_USER_ID'] = os.environ.get('PYWEBEXEC_LDAP_USER_ID', "uid")
+app.config['LDAP_USER_ID'] = os.environ.get('PYWEBEXEC_LDAP_USER_ID', "uid") # sAMAccountName
 app.config['LDAP_GROUPS'] = os.environ.get('PYWEBEXEC_LDAP_GROUPS')
 app.config['LDAP_BASE_DN'] = os.environ.get('PYWEBEXEC_LDAP_BASE_DN')
 app.config['LDAP_BIND_DN'] = os.environ.get('PYWEBEXEC_LDAP_BIND_DN')
@@ -593,6 +593,7 @@ def read_commands():
                     'start_time': status.get('start_time', 'N/A'),
                     'end_time': status.get('end_time', 'N/A'),
                     'command': command,
+                    'user': status.get('user'),
                     'exit_code': status.get('exit_code', 'N/A'),
                     'last_output_line': status.get('last_output_line'),
                 })
@@ -687,13 +688,18 @@ def verify_ldap(username, password):
     tls_configuration = Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLSv1_2) if app.config['LDAP_SERVER'].startswith("ldaps:") else None
     server = Server(app.config['LDAP_SERVER'], tls=tls_configuration, get_info=ALL)
     user_filter = f"({app.config['LDAP_USER_ID']}={username})"
+    group_filter = ""
+    if app.config["LDAP_GROUPS"]:
+        group_filter = "".join(f"(memberOf={group})" for group in app.config['LDAP_GROUPS'].split(" "))
+        group_filter = f"(|{group_filter})"
+    ldap_filter = f"(&(objectClass=person){user_filter}{group_filter})"
     try:
         # Bind with the bind DN and password
         conn = Connection(server, user=app.config['LDAP_BIND_DN'], password=app.config['LDAP_BIND_PASSWORD'], authentication=SIMPLE, auto_bind=True, read_only=True)
         try:
-            conn.search(search_base=app.config['LDAP_BASE_DN'], search_filter=user_filter, search_scope=SUBTREE)
+            conn.search(search_base=app.config['LDAP_BASE_DN'], search_filter=ldap_filter, search_scope=SUBTREE)
             if len(conn.entries) == 0:
-                print(f"User {username} not found in LDAP.")
+                print(f"User {username} not found in LDAP in allowed groups.")
                 return False
             user_dn = conn.entries[0].entry_dn
         finally:
@@ -702,15 +708,10 @@ def verify_ldap(username, password):
         # Bind with the user DN and password to verify credentials
         conn = Connection(server, user=user_dn, password=password, authentication=SIMPLE, auto_bind=True, read_only=True)
         try:
-            if not app.config['LDAP_GROUPS'] and conn.result["result"] == 0:
+            if conn.result["result"] == 0:
                 return True
-            group_filter = "".join([f'({group})' for group in app.config['LDAP_GROUPS'].split(",")])
-            group_filter = f"(&{group_filter}(|(member={user_dn})(uniqueMember={user_dn})))"
-            conn.search(search_base=app.config['LDAP_BASE_DN'], search_filter=group_filter, search_scope=SUBTREE)
-            result = len(conn.entries) > 0
-            if not result:
-                print(f"User {username} is not a member of groups {app.config['LDAP_GROUPS']}.")
-            return result
+            print(f"{username}: Password mismatch")
+            return False
         finally:
             conn.unbind()
     except Exception as e:

pywebexec/static/js/script.js

@@ -186,7 +186,7 @@ async function fetchCommands(hide=false) {
                 <td>
                     ${command.command.startsWith('term') ? '' : command.status === 'running' ? `<button onclick="stopCommand('${command.command_id}', event)">Stop</button>` : `<button onclick="relaunchCommand('${command.command_id}', event)">Run</button>`}
                 </td>
-                <td class="system-font">${command.command.replace(/^\.\//, '')}</td>
+                <td class="system-font" title="${command.user == '-' ? '' : command.user}">${command.command.replace(/^\.\//, '')}</td>
                 <td class="monospace outcol">
                     <button class="popup-button" onclick="openPopup('${command.command_id}', event)"></button>
                     ${command.last_output_line || ''}

pywebexec/version.py

@@ -12,5 +12,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '1.7.2'
-__version_tuple__ = version_tuple = (1, 7, 2)
+__version__ = version = '1.7.3'
+__version_tuple__ = version_tuple = (1, 7, 3)

{pywebexec-1.7.2.dist-info → pywebexec-1.7.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pywebexec
-Version: 1.7.2
+Version: 1.7.3
 Summary: Simple Python HTTP Exec Server
 Home-page: https://github.com/joknarf/pywebexec
 Author: Franck Jouvanceau
@@ -157,9 +157,9 @@ Generated password is given if no `--pasword` option
 $ export PYWEBEXEC_LDAP_SERVER=ldap://ldap.forumsys.com:389
 $ export PYWEBEXEC_LDAP_BIND_DN="cn=read-only-admin,dc=example,dc=com"
 $ export PYWEBEXEC_LDAP_BIND_PASSWORD="password"
-$ export PYWEBEXEC_LDAP_GROUPS="ou=mathematicians,ou=scientists"
-$ export PYWEBEXEC_LDAP_USER_ID="uid"
 $ export PYWEBEXEC_LDAP_BASE_DN="dc=example,dc=com"
+$ export PYWEBEXEC_LDAP_USER_ID="uid" # sAMAccountName for AD
+$ export PYWEBEXEC_LDAP_GROUPS="ou=mathematicians,dc=example,dc=com ou=scientists,dc=example,dc=com"
 $ pywebexec
 ```
 ## HTTPS server

{pywebexec-1.7.2.dist-info → pywebexec-1.7.3.dist-info}/RECORD

@@ -1,6 +1,6 @@
 pywebexec/__init__.py,sha256=4spIsVaF8RJt8S58AG_wWoORRNkws9Iwqprj27C3ljM,99
-pywebexec/pywebexec.py,sha256=gJsI7kob3IyB6DVoWWSyEHOcxpWlsZz-b7jQUyePA-A,33555
-pywebexec/version.py,sha256=Qj1rYkRQ0hSV6NX03bgvPhjsn6HWrQ8maBXi446C5ZM,411
+pywebexec/pywebexec.py,sha256=YlPtbHqISlpQN5S0gPVk0gRbvuJtg1rXrF2SPzgUXjA,33456
+pywebexec/version.py,sha256=Lv0gR-NbC-8DxwfmwXEmOzSq6Hgx6MH4xF1fYh_opXo,411
 pywebexec/static/css/Consolas NF.ttf,sha256=DJEOzF0eqZ-kxu3Gs_VE8X0NJqiobBzmxWDGpdgGRxI,1313900
 pywebexec/static/css/style.css,sha256=3s7QgbCh4wb7kfZ7Pjo-B6o3lDIBogZ-3j6AfaPdpzU,8209
 pywebexec/static/css/xterm.css,sha256=uo5phWaUiJgcz0DAzv46uoByLLbJLeetYosL1xf68rY,5559
@@ -22,7 +22,7 @@ pywebexec/static/images/running.svg,sha256=fBCYwYb2O9K4N3waC2nURP25NRwZlqR4PbDZy
 pywebexec/static/images/success.svg,sha256=NVwezvVMplt46ElW798vqGfrL21Mw_DWHUp_qiD_FU8,489
 pywebexec/static/js/commands.js,sha256=h2fkd9qpypLBxvhEEbay23nwuqUwcKJA0vHugcyL8pU,7961
 pywebexec/static/js/popup.js,sha256=UPKtjPLIR5KaAV2i1iWUGwcCTX1tT3vnOIMc8VKQqag,9311
-pywebexec/static/js/script.js,sha256=W5NfzFYdyfQpALx_bjeppQFVWxvZGMoVTTq0VOnITxw,18147
+pywebexec/static/js/script.js,sha256=yO2PEsyO1F5w3lSCJyKkAtp21Tb7I3MQMPibxvdmFOc,18198
 pywebexec/static/js/xterm/LICENSE,sha256=EU1P4eXTull-_T9I80VuwnJXubB-zLzUl3xpEYj2T1M,1083
 pywebexec/static/js/xterm/addon-canvas.js,sha256=ez6QTVvsmLVNJmdJlM-ZQ5bErwlxAQ_9DUmDIptl2TM,94607
 pywebexec/static/js/xterm/addon-canvas.js.map,sha256=ECBA4B-BqUpdFeRzlsEWLSQnudnhLP-yPQJ8_hKquMo,379537
@@ -35,9 +35,9 @@ pywebexec/static/js/xterm/xterm.js.map,sha256=Y7O2Pb-fIS7Z8AC1D5s04_aiW_Jf1f4mCf
 pywebexec/templates/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pywebexec/templates/index.html,sha256=2fEN8cggHBEd8-RamDFpnekVJtIbRembFSw0-1YEptc,2979
 pywebexec/templates/popup.html,sha256=GT2jY7oOxpCaBaRl924QJWdFBmfSOP952T13d37R_pY,1506
-pywebexec-1.7.2.dist-info/LICENSE,sha256=gRJf0JPT_wsZJsUGlWPTS8Vypfl9vQ1qjp6sNbKykuA,1064
-pywebexec-1.7.2.dist-info/METADATA,sha256=NudV7MvLxsTsIZzpTjzNuLJNijAmoK0C9o5VDIg0oRI,8000
-pywebexec-1.7.2.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-pywebexec-1.7.2.dist-info/entry_points.txt,sha256=l52GBkPCXRkmlHfEyoVauyfBdg8o-CAtC8qQpOIjJK0,55
-pywebexec-1.7.2.dist-info/top_level.txt,sha256=vHoHyzngrfGdm_nM7Xn_5iLmaCrf10XO1EhldgNLEQ8,10
-pywebexec-1.7.2.dist-info/RECORD,,
+pywebexec-1.7.3.dist-info/LICENSE,sha256=gRJf0JPT_wsZJsUGlWPTS8Vypfl9vQ1qjp6sNbKykuA,1064
+pywebexec-1.7.3.dist-info/METADATA,sha256=-JC0TqKo6F5B43R4TKYjxzoyXvL986W-djlTshi6dUM,8060
+pywebexec-1.7.3.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+pywebexec-1.7.3.dist-info/entry_points.txt,sha256=l52GBkPCXRkmlHfEyoVauyfBdg8o-CAtC8qQpOIjJK0,55
+pywebexec-1.7.3.dist-info/top_level.txt,sha256=vHoHyzngrfGdm_nM7Xn_5iLmaCrf10XO1EhldgNLEQ8,10
+pywebexec-1.7.3.dist-info/RECORD,,